Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2024/04/30 10:13 a.m.52 views

Exploit for PHP External Variable Modification in Juniper Junos

PoC exploit for CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847. This exploit targets Juniper JunOS within SRX and EX Series products, achieving Remote Code Execution RCE by chaining four vulnerabilities. The exploit involves uploading an arbitrary PHP file to a restricted director...

9.8CVSS8.7AI score0.94205EPSS
Exploits28
Gitee
Gitee
added 2024/07/08 11:23 a.m.49 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002: Exploiting Git RCE via git clone This repository contains a PoC for exploiting CVE-2024-32002, a vulnerability in Git that allows RCE during a git clone operation. By crafting repositories with submodules in a specific way, an attacker can exploit symlink handling on...

9CVSS8AI score0.25334EPSS
Exploits32
Gitee
Gitee
added 2024/03/05 12:41 p.m.46 views

Exploit for CVE-2021-42278

This is a PoC exploit for CVE-2021-42278 and CVE-2021-42287, which are two vulnerabilities in the Windows operating system that allow an attacker to impersonate a Domain Administrator DA from a standard domain user. The exploit uses the Impacket library to interact with the Windows Domain...

8.8CVSS7.4AI score0.74265EPSS
Exploits10
Gitee
Gitee
added 2024/03/05 12:41 p.m.44 views

Exploit for CVE-2021-42278

This is a Python script for exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate a Domain Administrator DA from a standard domain user. The script uses the Impacket library to interact with the Active Directory. The script has several components: 1. samtheadmin.py: This is the main script...

8.8CVSS7.3AI score0.74265EPSS
Exploits10
Gitee
Gitee
added 2021/08/14 11:0 p.m.43 views

Exploit for Improper Access Control in Xen

kernel-exploit-factory Keep updating...... Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore. This repository is to extract all Linux kernel exploit and relative debug environment. You can use Qem...

8.8CVSS7.5AI score0.99295EPSS
Exploits159
Gitee
Gitee
added 2024/05/30 2:15 p.m.41 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

amalmurali47/hook This repository is part of the PoC for exploiting CVE-2024-32002, a vulnerability in Git that allows RCE during a git clone operation. This repository contains the malicious hook used in the exploit. Overview For detailed instructions and an explanation of how the exploit works,...

9CVSS7.9AI score0.25334EPSS
Exploits32
Gitee
Gitee
added 2024/03/07 11:3 a.m.37 views

jndi_tool

It is an exploit module/toolkit targeting JNDI vulnerabilities. The primary CVE ID is not explicitly mentioned, but the tool is designed to exploit JNDI-related vulnerabilities, including RCE Remote Code Execution and potential log4j RCE. The target product/service is JNDI, and the vulnerability...

7AI score
Exploits0
Gitee
Gitee
added 2017/07/31 3:46 p.m.37 views

Exploit for Out-of-bounds Read in Openssl

This repository contains a collection of tools and exploits for various vulnerabilities, including: A payload for the Apache Struts 2 vulnerability CVE-2017-5638 that allows remote code execution. A tool for exploiting the Heartbleed vulnerability CVE-2014-0160 in OpenSSL. A tool for exploiting t...

10CVSS8.1AI score0.99999EPSS
Exploits257
Gitee
Gitee
added 2024/03/05 12:41 p.m.35 views

redteam-research

Collection of PoC and offensive techniques used by the BlackArrow Red Team...

7AI score
Exploits0
Gitee
Gitee
added 2020/12/04 9:14 a.m.35 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Sophos Unified_Threat_Management_Software

SSHTron SSHTron is a multiplayer lightcycle game that runs through SSH. 通过下面命令连接到游戏: $ ssh 192.168.1.111:2022 Controls: WASD or vim keybindings to move do not use your arrow keys. Escape or Ctrl+C to exit. Want to choose color yourself? 有7种颜色可供选择: Red, Green, Yellow, Blue, Magenta, Cyan and White...

8.1CVSS7.8AI score0.63468EPSS
Exploits3
Gitee
Gitee
added 2019/12/04 9:40 p.m.35 views

Exploit for Improper Access Control in Elasticsearch

欢迎各位大佬提BUG,当前版本 AssetScanV1.2 BUG 目前masscan存在bug,正在解决中 简介...

10CVSS8AI score0.99999EPSS
Exploits145
Gitee
Gitee
added 2020/11/25 11:4 p.m.31 views

Exploit for Code Injection in Microsoft

somepocsuite 用于企业内部进行漏洞排查与验证的的pocsuite3验证POC代码(pocsuite3是知道创宇安全团队的开源漏洞测试框架)。 由于原Pocsuite已停止更新,因此将原来的POC代码全部重新改写并迁移到pocsuite3,原POC备份在PocsuiteV2中。 插件代码编写 使用pocsuite3 漏洞测试框架,插件编写请参考 pocsuite3 项目插件编写要求。 PoC 编写规范及要求说明 | 序号 | poc | 说明 | | ---- | --------------------------------------- |...

10CVSS8AI score0.99999EPSS
Exploits497
Gitee
Gitee
added 2024/03/05 10:53 a.m.30 views

jexboss

This is a Python script for a tool called JexBoss, which is designed to exploit vulnerabilities in JBoss Application Server and other Java platforms. The script is written in Python 2.x and uses the urllib3 library for HTTP requests. The script has several modules, including exploits.py,...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/11/10 10:33 a.m.30 views

Exploit for Race Condition in Canonical Ubuntu_Linux

内网渗透中的一些工具及项目资料 入侵与渗透是两个不同的概念,很多人喜欢混为一谈,简单来说,入侵是从信息收集到打点,渗透是横向移动,获取目标,稳固权限。本页是针对内网渗透中整理的一些工具以及项目资料,方便安全从业人员查阅. 此项目同步至:https://forum.ywhack.com/bountytips.php?pentest 目录 信息收集 漏洞利用 免杀系列 代理隧道 权限提升 权限维持 横向移动 技术资料 信息收集 2021.04.06 - https://github.com/shadow1ng/fscan - 一款内网扫描工具,方便一键大保健 推荐: | 编程语言: Gola...

7.8CVSS7.7AI score0.99295EPSS
Exploits159
Gitee
Gitee
added 2020/06/19 2:5 p.m.30 views

Exploit for CVE-2020-2551

PoC exploit for CVE-2020-2551, a Python example targeting Weblogic RCE via IIOP. The target vulnerability is a remote code execution vulnerability in Oracle WebLogic Server. The exploit uses the GIOP General Inter-ORB Protocol and CORBA Common Object Request Broker Architecture to establish a...

9.8CVSS9.9AI score0.93168EPSS
Exploits18
Gitee
Gitee
added 2021/10/17 12:0 a.m.29 views

Exploit for Improper Initialization in Docker

sectoolset -- Github安全相关工具集合 主要内容: 0x00 漏洞利用实战练习&CTF安全竞赛 0x01 安全扫描器 0x02 安全防守 0x03 渗透测试 0x04 漏洞库及利用工具(POC,EXP 0x05 二进制及代码分析工具 0x06 威胁情报&蜜罐 0x07 安全文档资料 0x11 所有内容 乌云镜像 乌云镜像 乌云镜像,河蟹 近期安全热点 Microsoft 365 Defender研究团队和威胁情报中心(MSTIC)的SolarWinds攻击分析文章 OpenSSL 拒绝式攻击严重漏洞CVE-2020-1971 安全论文:《Measuring and...

10CVSS7.7AI score0.99512EPSS
Exploits136
Gitee
Gitee
added 2019/08/19 8:35 p.m.29 views

Exploit for Out-of-bounds Read in Openssl

This repository contains a collection of exploits and tools for various vulnerabilities, including CVE-2014-0160 Heartbleed, CVE-2014-6271 Shellshock, CVE-2017-5638 Apache Struts 2, and others. The repository includes Python scripts for exploiting these vulnerabilities, as well as documentation a...

10CVSS7.6AI score0.99999EPSS
Exploits257
Gitee
Gitee
added 2021/11/21 6:31 p.m.28 views

Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux

PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...

8.8CVSS6.8AI score0.43988EPSS
Exploits27
Gitee
Gitee
added 2019/10/15 8:29 p.m.28 views

Exploit for OS Command Injection in Webmin

It is an exploit module for CVE-2019-15107, a vulnerability in Webmin. The target product/service is Webmin, a web-based interface for system administration. The vulnerability class/vector is a remote command execution RCE vulnerability. The probable entry point is the "passwordchange.cgi" script...

10CVSS7.6AI score0.99766EPSS
Exploits37
Gitee
Gitee
added 2019/08/16 11:8 a.m.28 views

Exploit for Use After Free in Microsoft

sectoolset -- Github安全相关工具集合 主要内容: 0x00 漏洞利用实战练习&CTF安全竞赛 0x01 安全扫描器 0x02 安全防守 0x03 渗透测试 0x04 漏洞库及利用工具(POC,EXP 0x05 二进制及代码分析工具 0x06 威胁情报&蜜罐 0x07 安全文档资料 0x11 所有内容 乌云镜像 乌云镜像 乌云镜像,河蟹 近期安全热点 CVE-2019-10173 Xstream 远程代码执行漏洞 Linux 内核报TCP SACK漏洞 CVE-2019-11477/78/79,请尽快处理 漏洞预警Weblogic最新反序列化远程命令执行漏洞绕过...

10CVSS8.4AI score0.99999EPSS
Exploits155
Gitee
Gitee
added 2021/01/20 7:4 p.m.27 views

Exploit for Integer Overflow or Wraparound in F5 Nginx

PoC exploit for CVE-2017-7529, a vulnerability in the Apache HTTP Server. The target is the Apache HTTP Server, with the vulnerability class being a buffer overflow. The probable entry point is the CVE-2017-7529PoC.py script, which uses the requests library to send a GET request to the target...

7.5CVSS8.6AI score0.62597EPSS
Exploits6
Gitee
Gitee
added 2021/12/25 11:34 a.m.26 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware

This is a Metasploit module targeting a command injection vulnerability in Hikvision web servers. The module is designed to exploit the vulnerability by sending malicious commands to the vulnerable server. The module is written in Python and uses the Metasploit framework to interact with the targ...

9.8CVSS9.6AI score0.99869EPSS
Exploits23
Gitee
Gitee
added 2020/03/17 1:49 p.m.26 views

Exploit for Use After Free in Microsoft

sectoolset -- Github安全相关工具集合 主要内容: 0x00 漏洞利用实战练习&CTF安全竞赛 0x01 安全扫描器 0x02 安全防守 0x03 渗透测试 0x04 漏洞库及利用工具(POC,EXP 0x05 二进制及代码分析工具 0x06 威胁情报&蜜罐 0x07 安全文档资料 0x11 所有内容 乌云镜像 乌云镜像 乌云镜像,河蟹 近期安全热点 facebook又爆出大量数亿用户隐私数据泄露 CVE-2019-14378 QEMU VM Escape严重漏洞,影响KVM等QEMU为后端的虚拟平台 CVE-2019-10173 Xstream 远程代码执行漏洞...

10CVSS9.1AI score0.99999EPSS
Exploits157
Gitee
Gitee
added 2021/12/02 3:59 p.m.25 views

Exploit for Race Condition in Canonical Ubuntu_Linux

《云原生安全:攻防实践与体系构建》资料仓库 本仓库提供了《云原生安全:攻防实践与体系构建》一书的补充材料和随书源码,供感兴趣的读者深入阅读、实践。 本仓库所有内容仅供教学、研究使用,严禁用于非法用途,违者后果自负! 相关链接:豆瓣 | 京东 | 当当 补充阅读资料 - 100云计算简介.pdf - 101代码安全.pdf - 200容器技术.pdf - 201容器编排.pdf - 202微服务.pdf - 203服务网格.pdf - 204DevOps.pdf - CVE-2017-1002101:突破隔离访问宿主机文件系统.pdf -...

10CVSS7.5AI score0.9857EPSS
Exploits128
Gitee
Gitee
added 2021/07/25 4:14 p.m.25 views

Exploit for CVE-2020-1472

PoC exploit for CVE-2020-1472 ZeroLogon vulnerability. The target product/service is Windows Domain Controller DC. The vulnerability class/vector is authentication bypass via all-zero challenge. The probable entry point is the Netlogon service, which is accessed via the Impacket library. Notable...

10CVSS7.8AI score0.99512EPSS
Exploits75
Gitee
Gitee
added 2021/05/16 4:14 p.m.25 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat

PoC exploit for CVE-2017-12617, CVE-2017-12618, CVE-2017-12619, CVE-2017-12620, CVE-2017-12621, CVE-2017-12622, CVE-2017-12623, CVE-2017-12624, CVE-2017-12625, CVE-2017-12626, CVE-2017-12627, CVE-2017-12628, CVE-2017-12629, CVE-2017-12630, CVE-2017-12631, CVE-2017-12632, CVE-2017-12633,...

10CVSS7AI score0.99988EPSS
Exploits52
Gitee
Gitee
added 2020/12/20 6:43 p.m.25 views

Exploit for CVE-2013-0422

K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...

10CVSS6.5AI score0.99913EPSS
Exploits281
Gitee
Gitee
added 2021/07/09 11:20 a.m.24 views

Exploit for Out-of-bounds Write in Qemu

This repository contains PoCs Proof of Concepts for two vulnerabilities: CVE-2020-14364 Qemu and CVE-2020-1472 Zerologon. CVE-2020-14364 Qemu The Qemu PoC is a C code that exploits a vulnerability in the Qemu emulator. The code includes two files: exp1irq.c and exp2configread.c. These files appea...

10CVSS7.5AI score0.99512EPSS
Exploits75
Gitee
Gitee
added 2020/12/04 4:44 p.m.24 views

Exploit for Improper Initialization in Docker

sectoolset -- Github安全相关工具集合 主要内容: 0x00 漏洞利用实战练习&CTF安全竞赛 0x01 安全扫描器 0x02 安全防守 0x03 渗透测试 0x04 漏洞库及利用工具(POC,EXP 0x05 二进制及代码分析工具 0x06 威胁情报&蜜罐 0x07 安全文档资料 0x11 所有内容 乌云镜像 乌云镜像 乌云镜像,河蟹 近期安全热点 Nmap 7.9发布,更新Npcap,大量指纹更新 Windows Server域控 Netlogon特权提升漏洞 CVE-2020-1472 暗网中网络安全行业暴露状况研究 五眼联盟国家网络安全技术指导书...

10CVSS7.8AI score0.99512EPSS
Exploits134
Gitee
Gitee
added 2020/11/27 10:59 a.m.24 views

Exploit for Code Injection in Microsoft

somepocsuite 用于企业内部进行漏洞排查与验证的的pocsuite3验证POC代码(pocsuite3是知道创宇安全团队的开源漏洞测试框架)。 由于原Pocsuite已停止更新,因此将原来的POC代码全部重新改写并迁移到pocsuite3,原POC备份在PocsuiteV2中。 插件代码编写 使用pocsuite3 漏洞测试框架,插件编写请参考 pocsuite3 项目插件编写要求。 PoC 编写规范及要求说明 | 序号 | poc | 说明 | | ---- | --------------------------------------- |...

10CVSS8AI score0.99999EPSS
Exploits458
Gitee
Gitee
added 2020/05/25 3:22 p.m.24 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for testing and training purposes. The primary CVE ID is not specified, but the repository contains various vulnerable environments based on Docker-Compose, including ones for Flask, Apache, and...

7.4AI score
Exploits0
Gitee
Gitee
added 2021/10/21 11:42 a.m.23 views

Exploit for Path Traversal in Mikrotik Routeros

Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介...

10CVSS9.8AI score0.99999EPSS
Exploits126
Gitee
Gitee
added 2020/07/07 8:12 p.m.23 views

Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform

PoC exploit for CVE-2017-12149, an arbitrary file upload vulnerability in JBoss Application Server. The exploit module targets the JBoss Application Server, specifically the CVE-2017-12149 vulnerability, which allows for arbitrary file uploads. The module is designed to exploit this vulnerability...

9.8CVSS9.8AI score0.90713EPSS
Exploits14
Gitee
Gitee
added 2020/05/06 3:20 p.m.23 views

Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform

PenetrationTestingPOCWithPython - IOT Device - Web APP - 提权辅助相关 - PC - tools - books - 说明 PenetrationTestingPOCWithPython 搜集有关渗透测试中用python编写的POC、脚本 请使用搜索查找 IOT Device - 天翼创维awifi路由器存在多处未授权访问漏洞 - 华为WS331a产品管理页面存在CSRF漏洞 - CVE-2019-16313 蜂网互联企业级路由器v4.31密码泄露漏洞 - D-Link路由器RCE漏洞 -...

10CVSS7.1AI score0.99999EPSS
Exploits416
Gitee
Gitee
added 2021/10/22 3:45 p.m.22 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat

PoC exploit for CVE-2017-12617, CVE-2017-12618, CVE-2017-12619, CVE-2017-12620, CVE-2017-12621, CVE-2017-12622, CVE-2017-12623, CVE-2017-12624, CVE-2017-12625, CVE-2017-12626, CVE-2017-12627, CVE-2017-12628, CVE-2017-12629, CVE-2017-12630, CVE-2017-12631, CVE-2017-12632, CVE-2017-12633,...

10CVSS7AI score0.99988EPSS
Exploits52
Gitee
Gitee
added 2021/08/15 11:58 p.m.22 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

This is an open-source collection of vulnerable web applications and environments for security testing and education. The repository is maintained by phith0n and is available on GitHub. It contains a variety of vulnerable applications, including web servers, databases, and other systems, to help...

9.8CVSS7AI score0.99686EPSS
Exploits61
Gitee
Gitee
added 2021/01/15 2:38 p.m.21 views

Exploit for Cross-site Scripting in Squid-Cache Squid

CVE-2018-19131 is a proof-of-concept exploit for a vulnerability in Squid, a caching and proxy server. The exploit is built using a Docker Compose application and is designed to demonstrate the vulnerability. The vulnerability is in the Squid version 3.5.27, which is the version used in the...

6.1CVSS7.1AI score0.03333EPSS
Exploits1
Gitee
Gitee
added 2021/12/13 10:13 p.m.20 views

Exploit for Generation of Error Message Containing Sensitive Information in Postgresql

PoC exploit for CVE-2021-3393. The target product/service or framework is Apache Commons BeanUtils. The vulnerability class/vector is a deserialization vulnerability. The probable entry points are the BasicDynaBean class. The notable dependency/tooling is Apache Commons BeanUtils. The execution...

4.3CVSS6.6AI score0.01187EPSS
Exploits2
Gitee
Gitee
added 2021/10/08 3:47 p.m.20 views

Exploit for CVE-2020-1472

介绍 参考很多师傅写的关于CS的脚本,内容有横向移动、密码抓取、权限提升、权限维持等,尽可能将内网渗透中常用到的东西整理一下方便使用 更新日志 2021.7.7 更新CVE-2021-1675只测试了本地提权,其他的待测 参考于 https://github.com/cube0x0/CVE-2021-1675 2021.7.26 更新CVE-2021-1675-36934,参考与 https://github.com/cube0x0/CVE-2021-36934 2021.8.14 更新ZeroLogonCVE-2020-1472,参考...

10CVSS8.6AI score0.99512EPSS
Exploits141
Gitee
Gitee
added 2021/07/25 3:13 p.m.20 views

Exploit for CVE-2020-1472

This repository is a proof-of-concept PoC exploit for CVE-2020-1472, a vulnerability in the Windows Netlogon service. The exploit requires the latest version of Impacket from GitHub, with added Netlogon structures. The PoC is designed to authenticate with an all-zero challenge and credential to t...

10CVSS7.4AI score0.99512EPSS
Exploits75
Gitee
Gitee
added 2020/03/02 2:57 p.m.20 views

Exploit for CVE-2020-2551

CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...

9.8CVSS9.5AI score0.93168EPSS
Exploits18
Gitee
Gitee
added 2020/02/21 6:24 p.m.20 views

wifi-arsenal

This repository is an offensive tool for WiFi attacks. It is a collection of tools and scripts for various WiFi attacks, including denial of service, encryption attacks, WEP/WPA/WPA2 attacks, WPS attacks, and others. The repository includes tools for injection, rogue AP/fake AP/MITM, sniffing,...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/12/17 11:42 p.m.18 views

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

This is a PoC exploit for CVE-2021-44228, a remote code execution vulnerability in Apache Log4j2. The repository contains a Java application that demonstrates the exploitation of this vulnerability. The application is built using Maven and includes various marshalling libraries that allow for...

10CVSS8.7AI score0.99999EPSS
Exploits351
Gitee
Gitee
added 2021/12/14 11:51 a.m.18 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4j2-CVE-2021-44228 介绍 Log4J的漏洞复现 软件架构 软件架构说明 安装教程 1. git clone https://gitee.com/demonbhao/log4j2-cve-2021-44228.git 2. 安装JDK1.8.0以下版本 3. 安装maven,打包需要 使用说明 1. 编写你的poc代码块 2. 编译Exploit.java javac Exploit.java 形成Exploit.class 3. 开启LDAP协议 4.开启http服务器,用python简单开启,注意要和被访问的端口一致...

10CVSS7.1AI score0.99999EPSS
Exploits351
Gitee
Gitee
added 2021/12/13 12:56 p.m.18 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

PoC exploit for CVE-2021-44228, a vulnerability in the Log4j Java library. The target product/service is Log4j, a Java logging library, and the vulnerability class/vector is a Remote Code Execution RCE vulnerability. The probable entry point is the "sendDetectionRequest" function in the...

10CVSS9AI score0.99999EPSS
Exploits351
Gitee
Gitee
added 2020/12/08 4:33 p.m.18 views

Exploit for CVE-2020-1472

CVE-2020-1472 is a vulnerability in the Windows Netlogon service that allows an unauthenticated attacker to set the password of the Domain Controller account to an empty string NT hash=31d6cfe0d16ae931b73c59d7e0c089c0. This vulnerability is also known as the "Zerologon" vulnerability. The exploit...

10CVSS7.1AI score0.99512EPSS
Exploits75
Gitee
Gitee
added 2022/01/10 4:38 p.m.17 views

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

This is a Java project for a web application that uses the Log4j library. The project is a practice environment for testing and learning about the Log4j vulnerability CVE-2021-44228. The project includes a Maven project settings file, a Java class file, and a Log4j configuration file. The Log4j...

10CVSS8.1AI score0.99999EPSS
Exploits351
Gitee
Gitee
added 2021/12/17 11:36 a.m.17 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

It is an offensive tool for Log4j RCE CVE-2021-44228 vulnerability scanning. The primary CVE ID is CVE-2021-44228. The target product/service is Apache Log4j. The vulnerability class/vector is RCE Remote Code Execution. The probable entry points are scripts/modules such as log4j-scan.py. Notable...

10CVSS8.7AI score0.99999EPSS
Exploits351
Gitee
Gitee
added 2021/08/21 11:29 p.m.17 views

Hack-Tools

This is an offensive tool for Web Pentesters. It is a browser extension that facilitates web application penetration tests, providing cheat sheets and tools such as XSS payloads, reverse shells, and more. The extension is accessible in either popup mode or a whole tab in the Devtools part of the...

6.2AI score
Exploits0
Gitee
Gitee
added 2021/04/27 2:33 p.m.17 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat

PoC exploit for CVE-2017-12617, CVE-2017-12618, CVE-2017-12619, CVE-2017-12620, CVE-2017-12621, CVE-2017-12622, CVE-2017-12623, CVE-2017-12624, CVE-2017-12625, CVE-2017-12626, CVE-2017-12627, CVE-2017-12628, CVE-2017-12629, CVE-2017-12630, CVE-2017-12631, CVE-2017-12632, CVE-2017-12633,...

10CVSS7AI score0.99988EPSS
Exploits52
Total number of security vulnerabilities1886